The Path Less Traveled: Abusing Kubernetes Defaults - Duffie Cooley, VMware & Ian Coldwater, Heroku

less than 1 minute read

Abstract

While the industry and the community are starting to pay attention to Kubernetes security, there are many attack paths that aren’t well-documented, and are rarely discussed. This lack of information can make your clusters vulnerable.In this live demonstration-filled talk, we are going to provide an overview of the Kubernetes control plane before using sigs.k8s.io/kind to show some of the attack surface exposed by a default configuration of Kubernetes. There will be multiple exploits involving various moving parts, including cluster takeovers and host escapes. We’ll show you mitigations, and then show you how to get around those.The audience will walk away from this talk with a better understanding of Kubernetes’ default attack surface, how it can be exploited, and how to keep their clusters safer.

Sched URL

Video

Twitter Facebook LinkedIn

About

Conferences

The Path Less Traveled: Abusing Kubernetes Defaults - Duffie Cooley, VMware & Ian Coldwater, Heroku

Abstract

Video

You May Also Enjoy

You Shall Not Pass! Unless You Are GUAC Verified…. - Parth Patel, Kusari & Dejan Bosanac, Red Hat

Living off the Land Techniques in Managed Kubernetes Clusters - Ronen Shustin & Shay Berkovich, Wiz

Leveraging OCI 1.1 for Enhanced SBOM Integration and Vulnerability Scanning in Harbor - Anais Urlichs, Aqua Security & Shengwen Yu, VMware

Lessons Learned from Generating 100M SBOMs: Google’s Approach to SBOM Compliance - Brandon Lum & Isaac Hepworth, Google